Tuesday, February 28, 2023

February 2023 Windows 11 Version 22H2 Non-Security Feature Updates Release

 Microsoft released the preview cumulative updates with non-security improvements and new features for Windows 11, Version 22H2. 

The new features will be included in the March 14, 2023 security update but is available now by 
opening Settings Windows Update and clicking Check for updates to install the “2023-02 Cumulative Update Preview”.  

UPDATE:  KB5022913 (OS Build 22621.1344) has now been released and includes the highlights and improvements in the release.  In addition to checking for updates, it can be downloaded from the Windows Update Catalog.

New app experiences will be delivered through Microsoft Store updates, and can be accessed by opening the Microsoft Store app on your device and then selecting Library > Get updates.

Following are some of the new features included in the update:

  • Bing chat in Windows Taskbar
  • Phone link for iOS in Preview
  • Richer experiences for Android phone users
  • Tabbed Notepad
  • Screened recording in Snipping Tool
  • New accessibility features for Braille and voice commands
A detailed description by Panos Panay of all of the features is available here.

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 110.0.1 Released

 

Mozilla sent Firefox Version 110.0.1 to the Release Channel today.

Fixed

  • Fixed clearing recent cookies clears all cookies (bug 1816279).

  • Fixed a bug causing the context menu to sometimes display on the background of other Firefox UI elements instead of the foreground on macOS (bug 1763990).

  • Fixed Manage bookmarks link on empty bookmarks toolbar not responding to clicks on Windows (bug 1812636).

  • Fixed WebGL crashes on Linux when ran inside a VMWare virtual machine (bug 1807942).

  • Fixed a bug with CSP serialization causing bugs with the MitID Digital ID in Denmark (Bug 1819096).

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, February 21, 2023

February 2023 Windows 11 Version 22H1 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H1.  The preview update for Windows 11, Version 22H2 is reported to be available in the near term.

Following are the highlights for KB5022905 (OS Build 22000.1641) for Windows 11: 

  • New! This update adds an advanced auto-learning feature for facial recognition.

  • This update addresses an issue that affects the Color filters setting. When you select Inverted, the system sets it to Grayscale instead.

  • This update addresses an issue that affects IE mode. The text on the status bar is not always visible.

  • This update addresses an issue that stops hyperlinks from working in Microsoft Excel.

  • This update addresses an issue that affects a certain streaming app. The issue stops video playback after an advertisement plays in the app.

See the referenced KB article for the list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

February 2023 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5022906 for all supported versions of Windows 10 (OS Builds 19042.2673, 19044.2673, and 19045.2673) optional “C” release preview cumulative updates with non-security improvements and fixes.

IMPORTANT: After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for these versions. Windows 10, version 22H2 will continue to receive security and optional releases.

The following are the highlighted changes included in the update:
  • New! This update improves your experience when you use Windows Spotlight on your lock screen. The informational links open faster.

  • This update addresses an issue that affects IE mode. The text on the status bar is not always visible.

  • This update addresses accessibility issues. They affect Narrator on the Settings home page.

  • This update addresses an issue that stops hyperlinks from working in Microsoft Excel.

  • This update addresses an issue that affects a certain streaming app. The issue stops video playback after an advertisement plays in the app.


See the referenced KB Article for prerequisites and the additional improvements and fixes included in the update for each edition.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 32.0.1 Released with Security Updates

 Pale Moon

Pale Moon has been updated to version 32.0.1.  This is a bugfix and security update.

Changes/Fixes:

  • Fixed a crash in the new regular expression code.
  • Added {Extended_Pictographic} unicode property escape to regular expressions.
  • Fixed a regression in regular expressions for literal parsing of invalid ranges.
  • Updated NSS to pick up fixes.
  • Security issues addressed: CVE-2023-25733 DiD, CVE-2023-25739 DiD and CVE-2023-0767.
  • UXP Mozilla security patch summary: 1 fixed, 2 DiD, 14 not applicable.

Notes:

DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, February 16, 2023

Optional Hotfix Patch for Adobe Reader and Acrobat for Windows

 

Adobe
Adobe has released an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes for Adobe Acrobat DC and Reader DC for Windows only. 

Bug Fixes

Annotations
  • 4394292: Intermittent crash in Acrobat while accessing embedded links
Viewer
  • 4392539: User is unable to set zoom using drop down under document preferences
Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.003.20322 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, February 14, 2023

Microsoft February 2023 Security Updates

 

The Microsoft February 2023 security updates have been released and consist of 75 new CVEs.  Of these CVEs, 9 are rated critical and 66 are rated important in severity.  At the time of release, two are listed as publicly known and none as being in the wild.

The security updates apply to the following products, features, and roles:  .NET and Visual Studio, .NET Framework, 3D Builder, Azure App Service, Azure Data Box Gateway,.Azure DevOps,.Azure Machine Learning, HoloLens, Internet Storage Name Service, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Publisher, Microsoft Office SharePoint, Microsoft Office Word, Microsoft PostScript Printer Driver, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, Power BI, SQL Server, Visual Studio, Windows Active Directory, Windows ALPC, Windows Common Log File System Driver, Windows Cryptographic Services, Windows Distributed File System (DFS), Windows Fax and Scan Service, Windows HTTP.sys, Windows Installer, Windows iSCSI, Windows Kerberos, Windows MSHTML Platform, Windows ODBC Driver, Windows Protected EAP (PEAP), Windows SChannel, and Windows Win32K.

See the long list of KBs at the bottom of the page at February 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Important:


After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for these versions. Windows 10, version 22H2 will continue to receive security and optional releases.


Also, as of today, the retired, out-of-support Internet Explorer 11 desktop application will be permanently turned off using a Microsoft Edge update on certain versions of Windows 10. See the Internet Explorer 11 desktop app retirement FAQ for more information.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The February 2023 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 110.0 released with Security Updates

 FirefoxMozilla sent Firefox Version 110.0 to the release channel today.  The update includes nineteen security updates of which ten (10) are rated high, four (4) moderate, and five (5) rated low.

Firefox ESR was updated to Version 102.8.

High

#CVE-2023-25728: Content security policy leak in violation reports using iframes
#CVE-2023-25730: Screen hijack via browser fullscreen mode
#CVE-2023-25743: Fullscreen notification not shown in Firefox Focus
#CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
#CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
#CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
#CVE-2023-25738: Printing on Windows could potentially crash Firefox with some device drivers
#CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
#CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
#CVE-2023-25745: Memory safety bugs fixed in Firefox 110


Moderate


#CVE-2023-25729: Extensions could have opened external schemes without user knowledge
#CVE-2023-25732: Out of bounds memory write from EncodeInputStream
#CVE-2023-25734: Opening local .url files could cause unexpected network loads
#CVE-2023-25740: Opening local .scf files could cause unexpected network loads

 

Low


#CVE-2023-25731: Prototype pollution when rendering URLPreview
#CVE-2023-25733: Possible null pointer dereference in TaskbarPreviewCallback
#CVE-2023-25736: Invalid downcast in GetTableSelectionMode
#CVE-2023-25741: Same-origin policy leak via image drag and drop
#CVE-2023-25742: Web Crypto ImportKey crashes tab


New

  • It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi for all the folks who want to move over to Firefox instead!

  • GPU sandboxing has been enabled on Windows.

    Note: A bug in the popular X-Mouse Button Control (XMBC) tool may cause mouse wheel scrolling to stop working. The author(s) are working on an update. Meanwhile, scrolling can be restored by reconfiguring XMBC: either disable the Make scroll wheel scroll window under cursor option in the global settings, or enable the Disable scroll window under cursor option if using a custom profile for Firefox.

  • On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior.

  • Datetime, and datetime-local input fields can now be cleared with Cmd+Backspace and Cmd+Delete shortcut on macOS and Ctrl+Backspace and Ctrl+Delete on Windows and Linux.

  • GPU-accelerated Canvas2D is enabled by default on macOS and Linux.

  • WebGL performance improvement on Windows, MacOS and Linux.

  • Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality.

Changed

Colorways are no longer available in Firefox, at least not in the same way. You can still access your saved and active Colorways by selecting Add-ons and themes from the Firefox menu. Additionally, you can now install Colorways from all of the previous collections by visiting Colorways by Firefox on the Mozilla Add-ons website.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, February 06, 2023

Update to Pale Moon Version 32 Release Notes

Pale Moon

From Re: Pale Moon 32 has been released!

QuoteOne important implementation that was missed in the original release notes was the fact that we now also have a workaround for the infamous <button> issue where websites are non-compliant due to Google Chrome treating <button> elements like generic containers, contrary to the HTML standard.

The release notes have been updated accordingly now, and here is the implementation note to go along with it:
QuoteRelease Notes wrote:To provide users with a temporary work-around for non-compliant websites, a compatibility mode for <button> elements was implemented, which will treat <button> elements as generic containers instead of actual form button elements. This has been necessary because Chrome is not standards compliant in this respect and website developers regularly make the mistake of trying to use active content on button faces and expecting pointer events to end up being sent to the active content and not the button (which is not what the standard prescribes! See "content model" on the standards page stating there "must be no interactive content descendant"). Webmasters should be alerted to this compliance issue, but it can (temporarily) be worked around in the browser from this point for forward by setting the preference dom.forms.button.standards_compliant to false and restarting the browser. Note that this is a workaround and the only actual solution is advocacy for the standard and more browsers becoming standards compliant.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."

May the wind sing to you and the sun rise in your heart...